Back

Establish, implement, and maintain financial reports.


CONTROL ID
14770
CONTROL TYPE
Establish/Maintain Documentation
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS



This Control directly supports the implied Control(s):
  • Establish, implement, and maintain a financial management program., CC ID: 13228

This Control has the following implementation support Control(s):
  • Structure financial reports in accordance with external requirements, as necessary., CC ID: 14776
  • Include the report of independent Certified Public Accountants in the financial report., CC ID: 14779
  • Include the business need justification for lost value in the financial report., CC ID: 15588
  • Disseminate and communicate the financial report to interested personnel and affected parties., CC ID: 16342
  • Include financial statements in the financial report, as necessary., CC ID: 14775
  • Include information on loans to small businesses and small farms in the call report., CC ID: 16731
  • Include assets and liabilities in the call report., CC ID: 16729
  • Disseminate and communicate the call report to interested personnel and affected parties., CC ID: 16727


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH



  • Implement a process to monitor the benefits from providing and maintaining appropriate IT capabilities. IT's contribution to the business, either as a component of IT-enabled investment programmes or as part of regular operational support, should be identified and documented in a business case, agre… (PO5.5 Benefit Management, CobiT, Version 4.1)
  • The governing body should demonstrate accountability by retaining and distributing value in a transparent manner and reporting on the associated processes, decisions and results, including on the extent of the organization's impacts over time. This includes disclosing to relevant stakeholders where … (§ 6.2.3.5 ¶ 2, ISO 37000:2021, Governance of organizations — Guidance, First Edition)
  • At planned intervals, the organization shall monitor and report on actual costs against the budget, review the financial forecasts and manage costs. (§ 8.4.1 ¶ 3, ISO/IEC 20000-1:2018, Information technology — Service management —Part 1: Service management system requirements, Third Edition)
  • Reading the service organization's annual report, if any, to understand (¶ 3.59 Bullet 2, Reporting on Controls at a Service Organization: Relevant to Security, Availability, Processing Integrity, Confidentiality, or Privacy (SOC2), current as of January 1, 2018)
  • Reading the service organization's annual report, if there is one, to understand the service organization's objectives and strategy and their relationship to the services provided to user entities (¶ 3.20 Bullet 2, SOC 2® Reporting on an Examination of Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality, or Privacy, October 15, 2022)
  • Reading the service organization's annual report, if there is one, to understand the nature of the service organization's operations and the types of services provided (¶ 3.25 a., SOC 2® Reporting on an Examination of Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality, or Privacy, October 15, 2022)
  • should determine that the document that contains the pro forma financial information includes historical financial statements of the entity for the most recent year (or for the preceding year if financial statements for the most recent year are not yet available) or that such financial statements ar… (AT-C Section 310.08 a., SSAE No. 18, Attestation Standards: Clarification and Recodification)
  • The annual audited financial report shall report the financial position of the insurer as of the end of the most recent calendar year and the results of its operations, cash flows and changes in capital and surplus for the year then ended in conformity with statutory accounting practices prescribed,… (Section 5. ¶ 1., Annual Financial Reporting Model Regulation, NAIC MDL-205, 3rd Quarter 2015)
  • Ledgers (or other records) reflecting all assets and liabilities, income and expense and capital accounts. (§ 240.17a-3 (a)(2), 17 CFR Part 240.17a-3 - Records to be made by certain exchange members, brokers and dealers)
  • Securities in transfer; (§ 240.17a-3 (a)(4)(i), 17 CFR Part 240.17a-3 - Records to be made by certain exchange members, brokers and dealers)
  • Dividends and interest received; (§ 240.17a-3 (a)(4)(ii), 17 CFR Part 240.17a-3 - Records to be made by certain exchange members, brokers and dealers)
  • Securities borrowed and securities loaned; (§ 240.17a-3 (a)(4)(iii), 17 CFR Part 240.17a-3 - Records to be made by certain exchange members, brokers and dealers)
  • Securities failed to receive and failed to deliver; (§ 240.17a-3 (a)(4)(v), 17 CFR Part 240.17a-3 - Records to be made by certain exchange members, brokers and dealers)
  • Repurchase and reverse repurchase agreements. (§ 240.17a-3 (a)(4)(vii), 17 CFR Part 240.17a-3 - Records to be made by certain exchange members, brokers and dealers)
  • Transaction volume (separately stated for trading occurring during hours when consolidated trade reporting facilities are and are not in operation): (§ 240.17a-3 (a)(16)(i) (B) (2), 17 CFR Part 240.17a-3 - Records to be made by certain exchange members, brokers and dealers)
  • Securities for which transactions have been executed through use of such system; and (§ 240.17a-3 (a)(16)(i) (B) (1), 17 CFR Part 240.17a-3 - Records to be made by certain exchange members, brokers and dealers)
  • A record of the proof of money balances of all ledger accounts in the form of trial balances and a record of the computation of aggregate indebtedness and net capital, as of the trial balance date, pursuant to § 240.15c3-1 or § 240.18a-1, as applicable. The computation need not be made by any memb… (§ 240.17a-3 (a)(11), 17 CFR Part 240.17a-3 - Records to be made by certain exchange members, brokers and dealers)
  • As to each associated person listing each purchase and sale of a security attributable, for compensation purposes, to that associated person. The record must include the amount of compensation if monetary and a description of the compensation if non-monetary. In lieu of making this record, a member,… (§ 240.17a-3 (a)(19)(i), 17 CFR Part 240.17a-3 - Records to be made by certain exchange members, brokers and dealers)
  • Security, other than a security-based swap, as of the clearance dates all "long" or "short" positions (including securities in safekeeping and securities that are the subjects of repurchase or reverse repurchase agreements) carried by such member, broker or dealer for its account or for the account … (§ 240.17a-3 (a)(5)(i), 17 CFR Part 240.17a-3 - Records to be made by certain exchange members, brokers and dealers)
  • Ledger accounts (or other records) itemizing separately as to each cash, margin, or security-based swap account of every customer and of such member, broker or dealer and partners thereof, all purchases, sales, receipts and deliveries of securities (including security-based swaps) and commodities fo… (§ 240.17a-3 (a)(3), 17 CFR Part 240.17a-3 - Records to be made by certain exchange members, brokers and dealers)
  • Daily summaries of trading in the internal broker-dealer system, including: (§ 240.17a-3 (a)(16)(i) (B), 17 CFR Part 240.17a-3 - Records to be made by certain exchange members, brokers and dealers)
  • A record of the daily calculation of the current exposure and, if applicable, the initial margin amount for each account of a counterparty required under § 240.18a-3(c). (§ 240.17a-3 (a)(25), 17 CFR Part 240.17a-3 - Records to be made by certain exchange members, brokers and dealers)
  • Blotters (or other records of original entry) containing an itemized daily record of all purchases and sales of securities (including security-based swaps), all receipts and deliveries of securities (including certificate numbers), all receipts and disbursements of cash and all other debits and cred… (§ 240.17a-3 (a)(1), 17 CFR Part 240.17a-3 - Records to be made by certain exchange members, brokers and dealers)
  • Security-based swap, the reference security, index, or obligor, the unique transaction identifier, the counterparty's unique identification code, whether it is a "bought" or "sold" position in the security-based swap, whether the security-based swap is cleared or not cleared, and if cleared, identif… (§ 240.17a-3 (a)(5)(ii), 17 CFR Part 240.17a-3 - Records to be made by certain exchange members, brokers and dealers)
  • A memorandum of each brokerage order, and of any other instruction, given or received for the purchase or sale of a security, except for the purchase or sale of a security-based swap, whether executed or unexecuted. (§ 240.17a-3 (a)(6)(i), 17 CFR Part 240.17a-3 - Records to be made by certain exchange members, brokers and dealers)
  • Review examination documents and financial institution reports for outstanding issues or problems. Consider the following: (TIER I OBJECTIVES AND PROCEDURES Examination Scope Objective 1:1, FFIEC Business Continuity Planning (BCP) IT Examination Handbook, February 2015)
  • Review examination documents and financial institution reports for outstanding issues or problems related to MFS. Consider the following: (AppE.7 Objective 1:1, FFIEC IT Examination Handbook - Retail Payment Systems, April 2016)
  • Documentation of any related operational or credit losses incurred, reasons for the losses, and actions taken by management to prevent future losses for each retail payment system. (App A Tier 1 Objectives and Procedures Objective 2:4 Bullet 7, FFIEC IT Examination Handbook - Retail Payment Systems, April 2016)
  • Review operational reports showing monthly or quarterly ACH debit and credit activity and, if possible, compare levels with peer financial institutions. If ACH activity is greater than peer, determine whether institution is an originating institution (ODFI). Obtain reports listing those customers fo… (App A Tier 1 Objectives and Procedures Objective 8:2, FFIEC IT Examination Handbook - Retail Payment Systems, April 2016)
  • Assess the adequacy of the investigative unit in place to address customer inquiries and control non-posted items, rejects, and differences. Management should periodically receive aging reports that list outstanding items. (App A Tier 2 Objectives and Procedures F.4, FFIEC IT Examination Handbook - Retail Payment Systems, April 2016)
  • Assess the effectiveness of the investigation unit to address customer inquiries and control return items, rejected/unposted items, differences, etc. Determine whether the unit periodically generates aging reports of outstanding items for management. (App A Tier 2 Objectives and Procedures I.12, FFIEC IT Examination Handbook - Retail Payment Systems, April 2016)